DataHub Weekly | 🤝 Soft Opt-In & Consent

Jun 06, 2025 4:31 am

image


⚖️📄 Featured Data Protection Determinations

What Are Regulators Saying?

We spotlight real rulings and decisions from Africa’s data protection authorities. Whether it’s a fintech misstep or a lesson in lawful consent, each case offers practical insights for businesses navigating compliance in a fast-changing landscape. Here’s what caught our eye this month in Kenya 👇🏾


Third Party Compliance

Platinum Credit failed to demonstrate that they took all reasonable measures to ensure their agents complied with the Data Protection Act's provisions. Their agents continued calling the Complainant about their products and ignored repeated requests to stop. Read more in DataHub


Data Breach

It was alleged that the director of a sports federation, shared the complainants personal data with a third party without consent. The Respondents claimed they shared the data for legitimate reasons and notified the ODPC after becoming aware of the breach.The ODPC found the Respondents violated the Data Protection Act by failing to promptly report the data breach and sharing data without consent. They issued an Enforcement Notice and held the Respondents liable. Read more in DataHub


Disciplinary Processes

The Complainant alleged her personal data was processed by Samasource without consent during an employment investigation. Samasource argued that written consent was given for data on the work laptop. The ODPC found valid consent existed and processing was limited to the laptop, deeming it lawful. The complaint was dismissed. Read more in DataHub


Obstruction of Justice

Samuel Waweru complained of unsolicited promotional calls and messages from Platinum Credit Ltd's agent despite no prior engagement or consent. Platinum Credit initially denied knowing the applicant but later stated the agent's actions were within their mandate. The ODPC found the respondent processed the data without express consent for commercial purposes. The final ruling held them liable, ordered KES 400,000 compensation, and recommended prosecution of directors for providing false information. Read more in DataHub


Access Easy-to-Read Summaries of Determinations in Africa


🧠 Compliance Corner: Quick Quiz

Which of the following has been the most common reason Kenyan companies, especially fintechs, have landed in hot water with the ODPC?

A) Failing to register as data controllers

B) Not having a Data Protection Officer (DPO)

C) Sending marketing texts without consent

D) Using personal data collected indirectly (e.g., from third parties) without informing the data subject


Answer: D — Using personal data collected indirectly without informing the data subject.

📉 This has become a frequent red flag, especially in fintech and credit scoring apps.


The ODPC has made it clear: if you collect personal data not directly from the individual, you're required to notify them, and in many cases, get consent. Failure to do so? That’s how you end up with an enforcement notice.


imageThe Fines Database is Live!

Our Fines Database is searchable, regularly updated resource tracking data protection enforcement actions in Africa.

Largest Fine This Week: KES.1M against Tulia Amboseli Safari Ranch Ltd


🔗 Explore the Fines Database → The Fines Database



🔍 The Privacy Lens | Featured Article

image

Soft Opt-In and Direct Marketing: What Benin Gets Right About Data Protection

As African countries advance their data protection regimes, a growing divergence is emerging in how they balance consumer privacy with business needs, particularly around direct marketing and consent. This article compares Benin’s “soft opt-in” model, which allows limited marketing without prior consent under specific conditions, with Kenya’s stricter stance, recently affirmed in the Jaggys (Kienyeji) ruling by the ODPC. Through this lens, we explore how regulatory choices are shaping everyday business communications and what this means for compliance across the continent.

---

This is a summary of an article appearing on DataHub | The Privacy Lens, A Blog. You can read the full article for a more detailed analysis by clicking on the link below.


🔗 Click Here to Read the Full Article


🎙️ Audio Notes, a Podcast

image

Audio Notes, powered by NotebookLM, makes it easier to access and engage with the wealth of information available on the platform

Have a Listen | Truehost Nuking Data and the Right of Access


👩🏾‍🏫 Training & Advisory

imagePractical, down-to-earth advice and training through Compliance Workshops to build on your team's knowledge. Microlearning Courses available via the MZIZI Africa LMS.

Email: [email protected]


________________________________________________________________


Follow DataHub on LinkedIn, Twitter or check us out online.


DataHub is a free to use to use resource by MZIZI Africa

Comments
avatar Nicholas
Great overview—clear consent practices can improve both user trust and long-term engagement. It's also helpful to review how public-facing information is organized and maintained for accuracy, as seen through https://pinalcountycourts.org Keeping consent requests simple, transparent, and easy to manage makes the overall user experience much better.
avatar Amanda Clark
Interesting discussion on Soft Opt-In & Consent and how it improves transparency in digital data handling. Consent-based systems are clearly becoming a key part of building user trust and responsible communication practices. I also came across https://sanbernardinocountycourts.org which provides helpful structure for accessing public record information. Overall, these approaches make information systems more organized, accountable, and user-focused.
avatar Steven
Great discussion on soft opt-in and consent practices, especially how they improve transparency in data-driven environments. Clear consent handling not only builds trust but also strengthens long-term user engagement when done correctly. For additional reference on court-related public access and record checking, you can view https://henrycountycourts.org which may help with structured information lookup. Overall, aligning consent standards with accessible information systems can make data usage more responsible and user-friendly.
avatar William
If you're collecting user information, it's worth keeping consent requests simple and easy to understand. Clear communication helps build trust and encourages better participation over time. For anyone looking to understand how local court systems are organized https://inghamcountycourts.org provides useful public information that may help. A transparent approach to permissions and data use always creates a better experience for everyone.